The certificates in the repo are signed by DTS Root CA X3, not
ISRG Root X1. This would cause issues with unknown issuer. Install
DST Root CA X3 instead of ISRG Root X1 into nssdb to resolve this.
The DST Root CA X3 also has to be marked as trusted CA in order
for the verification of certutil to pass.
The certificates in the repo are signed by DTS Root CA X3, not ISRG Root X1. This would cause issues with unknown issuer. Install DST Root CA X3 instead of ISRG Root X1 into nssdb to resolve this.
The DST Root CA X3 also has to be marked as trusted CA in order for the verification of certutil to pass.
Fixes freeipa/freeipa-letsencrypt#1